Given the nature of these vulnerabilities, please review your environment and make sure your version of Chrome is up-to-date.
https://www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/?mid=1
Chrome
Latest Chrome update plugs a zero-day hole
I particularly like the title from the linked article from “The Register” – “Put down the cat, coffee, beer pint, martini, whatever you’re holding, and make sure you’ve updated Chrome (unless you enjoy being hacked)” . It is imperative that we all patch these types of zero day vulnerabilities, especially once they are active in the wild. Review and patch accordingly!
https://www.theregister.co.uk/2019/03/07/google_chrome_zero_day/
https://www.welivesecurity.com/2019/03/07/latest-chrome-update-plugs-zero-day-hole/
GOOGLE PATCHES 34 BROWSER BUGS IN CHROME 67, ADDS SPECTRE FIXES
Please review your Chrome implementations and patch accordingly.
https://threatpost.com/google-patches-34-browser-bugs-in-chrome-67-adds-spectre-fixes/132370/
Safer browsing coming soon to MacOS Chrome users
It’s about time Google decided to care about those of us who choose to browse the Internet from a Mac. In all seriousness, long gone are the days when Mac users can live under the security blanket of obscurity, fueled by the assumption that no one bothers to write viruses for MacOS. The threat of infection is real and so should be the tools we use to defend against it.
https://nakedsecurity.sophos.com/2018/03/07/safer-browsing-coming-soon-to-macos-chrome-users/
FIREFOX, CHROME PATCH VULNERABILITIES, ADD SECURITY FEATURES
Take a moment to review your browsers and update accordingly.
https://threatpost.com/firefox-chrome-patch-vulnerabilities-add-security-features/129658/
Anatomy of a Chrome for Android bug: the mixed-up world of mobile browsers
These types of compromises associated with minor vulnerabilities and drive-by downloads are difficult to defend against in the absence of awareness training. Please take the time to educate your users on download best practices. We cannot continue to allow users to be desensitized to the error messages and warnings that come along with most browsers.
Take the time to properly configure certificates for local machines and properly manage user expectations when browsing.
Google Plugs 21 Security Holes in Chrome
If you are not auto-updating your Chrome implementations, now would be the time to review and update.
https://threatpost.com/google-plugs-21-security-holes-in-chrome/121289/
Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs
Review your Chrome implementations and patch accordingly.
https://threatpost.com/chrome-53-fixes-address-spoofing-vulnerability-32-other-bugs/120305/
Google Patches Two High-Severity Flaws in Chrome
If you are not already automatically patching your Google Chrome deployments, please review these version numbers and patch accordingly.
https://threatpost.com/google-patches-two-high-severity-flaws-in-chrome/118441/
Patch Tuesday Recaps
Patch Tuesday arrived yesterday and several important updates were released:
Microsoft has released multiple critical updates spanning all operating systems –
https://isc.sans.edu/diary/Microsoft+February+2016+Patch+Tuesday/20711
Adobe has also released several updates and patches this month –
https://isc.sans.edu/diary/Adobe+Patch+Tuesday+-+February+2016/20713
Google also released an update to Chrome to address several vulnerabilities –
https://www.us-cert.gov/ncas/current-activity/2016/02/09/Google-Releases-Security-Update-Chrome
